Why AI-driven automation is forcing identity systems to rethink delegation, authority, and control

For most organizations, non-human identities are nothing new.

Long before the recent surge of interest in AI agents, identity teams were already managing automated actors: service accounts, integration pipelines, batch jobs, infrastructure tools, and applications calling APIs across distributed systems. These systems authenticate, request access, and perform tasks every day. Managing their credentials and permissions has long been a core part of identity architecture.

What is changing now is not the existence of automation. It is the nature of the automation itself.

Traditional automation tends to be predictable. A deployment pipeline calls a defined set of APIs. A scheduled job performs a known task. Even complex integrations usually follow deterministic paths designed by engineers.

AI agents introduce a different operating model.

Instead of executing predefined instructions, they may interpret prompts, select tools dynamically, and chain together actions across multiple systems. In many environments, they are explicitly designed to act on behalf of users, translating intent into automated activity.

That shift raises a new set of identity questions—not simply how a system authenticates, but whose authority it is exercising and how that authority should be governed.

The difference between automation and autonomy

Identity teams already know how to manage machine identities. Service accounts, workload identities, and short-lived credentials are common tools in modern infrastructure. Cloud platforms have invested heavily in improving how workloads authenticate securely without relying on static secrets.

AI agents sit on top of that foundation but behave differently.

Rather than performing a single scripted task, an agent may:

• interpret instructions from a user
• determine which tools or APIs to invoke
• interact with multiple systems during a single workflow
• generate actions that were not explicitly scripted in advance

In effect, the agent becomes an intermediary between a user’s intent and the systems that carry out that intent.

That intermediary role introduces new pressure on identity architectures originally designed around more predictable actors.

Why API keys quickly reach their limits

Many AI integrations today rely on a familiar mechanism: the API key. It works. It is simple. But it was never designed to represent dynamic delegation of authority.

An API key typically grants persistent access to a service with relatively broad permissions. Once issued, it may live far longer than the task it was originally intended to support.

When AI agents operate across multiple services—and potentially on behalf of multiple users—this model becomes difficult to manage safely. Organizations quickly run into questions such as:

• Which user authorized the agent to act?
• What scope of authority should the agent have?
• How long should that authority last?
• How should actions be attributed and audited?

Static credentials struggle to capture those nuances.

As a result, many organizations experimenting with AI-driven workflows are discovering that credential management alone is not enough. What matters is how authority is delegated, constrained, and monitored.

Identity systems are becoming the control layer for AI activity

As AI agents move from experimentation into production environments, identity systems will increasingly define the boundaries of what those agents can do.

That means identity teams will need to think about:

• delegated authority – how agents act on behalf of users
• intent scoping – limiting actions to specific tasks or workflows
• auditability – recording what actions agents perform and under whose authority
• revocation – ensuring access can be withdrawn quickly when necessary

These concerns are not entirely new. Identity professionals have spent years building systems for delegated authorization and policy enforcement.

What is new is the scale and unpredictability of the actors exercising that delegation.

Sessions worth your time

For readers interested in how these challenges are beginning to surface across the industry, several Identiverse sessions explore the intersection of AI and identity from different angles.

Some focus on how AI agents authenticate and access services.

• Stop Giving AI Agents API Keys: Intent-Scoped, Delegated Access
• OAuth for the Model Context Protocol

These sessions explore emerging approaches for replacing static credentials with task-scoped authorization models that better reflect how AI systems actually operate.

Others look at how identity teams may need to rethink governance and architecture as autonomous software actors become part of enterprise environments.

• Toward a Zero Trust Architecture for Agent Identities
• Giving AI Models a Verifiable Digital Identity

These discussions examine how organizations might manage lifecycle, policy, and trust for a new category of identities that do not fit neatly into traditional user or workload models.

And some sessions offer a view into how large-scale AI platforms are already addressing identity challenges in practice.

• Identity at OpenAI
• The Agentic AI Arms Race: Separating Synthetic from Human

Together, these sessions highlight a pattern that is becoming increasingly clear: identity systems are evolving beyond verifying users and workloads. They are becoming the governance layer for software agents acting on behalf of humans and organizations.

The next identity frontier

Identity architecture has evolved repeatedly over the past two decades.

The rise of APIs forced organizations to rethink authentication for distributed services. Cloud computing introduced new approaches to workload identity and delegated authorization.

AI agents represent the next step in that evolution.

As organizations deploy systems capable of acting across multiple services and workflows, identity architectures will determine how safely and transparently those systems operate.

The core question will not simply be who is authenticated, but who—or what—is allowed to act on behalf of whom.

In the next post in this series, we will explore that question more deeply by examining how delegation and authority models are evolving as AI systems begin participating directly in enterprise workflows.